
Révision 2da48592

Ajouté par jim-p il y a presque 10 ans

Allow the user to select "None" for OpenVPN client certificate, so long as they supply an auth user/pass. Ticket #3633


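--- a/etc/inc/openvpn.inc
+++ b/etc/inc/openvpn.inc
@@ -593,10 +593,14 @@
 		if (!isset($settings['cert_depth']) && (strstr($settings['mode'], 'tls')))
 			$settings['cert_depth'] = 1;
 		if (is_numeric($settings['cert_depth'])) {
-			$cert = lookup_cert($settings['certref']);
-			/* XXX: Seems not used at all! */
-			$servercn = urlencode(cert_get_cn($cert['crt']));
-			$conf .= "tls-verify \"/usr/local/sbin/ovpn_auth_verify tls '{$servercn}' {$settings['cert_depth']}\"\n";
+			if (($mode == 'client') && empty($settings['certref']))
+				$cert = "";
+			else {
+				$cert = lookup_cert($settings['certref']);
+				/* XXX: Seems not used at all! */
+				$servercn = urlencode(cert_get_cn($cert['crt']));
+				$conf .= "tls-verify \"/usr/local/sbin/ovpn_auth_verify tls '{$servercn}' {$settings['cert_depth']}\"\n";
+			}
 		}
 
 		// The local port to listen on
@@ -723,9 +727,12 @@
 		case 'server_user':
 			$ca = lookup_ca($settings['caref']);
 			openvpn_add_keyfile($ca['crt'], $conf, $mode_id, "ca");
-			$cert = lookup_cert($settings['certref']);
-			openvpn_add_keyfile($cert['crt'], $conf, $mode_id, "cert");
-			openvpn_add_keyfile($cert['prv'], $conf, $mode_id, "key");
+
+			if (!empty($settings['certref'])) {
+				$cert = lookup_cert($settings['certref']);
+				openvpn_add_keyfile($cert['crt'], $conf, $mode_id, "cert");
+				openvpn_add_keyfile($cert['prv'], $conf, $mode_id, "key");
+			}
 			if ($mode == 'server')
 				$conf .= "dh {$g['etc_path']}/dh-parameters.{$settings['dh_length']}\n";
 			if (!empty($settings['crlref'])) {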
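Review bot: In the first hunk the `tls-verify` directive is moved inside the else branch, so a client configured without a certificate no longer emits the `ovpn_auth_verify tls ... {$settings['cert_depth']}` check at all, even though cert_depth is defaulted to 1 for tls modes two lines above; that silently weakens peer-chain depth verification for exactly the new "None" case. If the CN argument really is unused, as the retained XXX comment says, only the lookup needs guarding and the directive can stay unconditional: `$servercn = "";`, `if (!empty($settings['certref'])) { $cert = lookup_cert($settings['certref']); $servercn = urlencode(cert_get_cn($cert['crt'])); }`, then the existing `$conf .= "tls-verify ..."` line — whether the script tolerates an empty CN should be confirmed before relying on that. The second hunk guards on `!empty($settings['certref'])` without the `$mode == 'client'` test used in the first, so a server whose certref is missing would now get a config with no cert/key rather than failing; presumably the server page validates certref, but it is worth making both guards consistent. The enclosing function starts and ends outside both hunks.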
usr/local/www/vpn_openvpn_client.php
244 244

  
245 245
	/* If we are not in shared key mode, then we need the CA/Cert. */
246 246
	if ($pconfig['mode'] != "p2p_shared_key") {
247
		$reqdfields = explode(" ", "caref certref");
248
		$reqdfieldsn = array(gettext("Certificate Authority"),gettext("Certificate"));
247
		$reqdfields = explode(" ", "caref");
248
		$reqdfieldsn = array(gettext("Certificate Authority"));
249 249
	} elseif (!$pconfig['autokey_enable']) {
250 250
		/* We only need the shared key filled in if we are in shared key mode and autokey is not selected. */
251 251
		$reqdfields = array('shared_key');
......
253 253
	}
254 254

  
255 255
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
256
	
256

  
257
	if (($pconfig['mode'] != "p2p_shared_key") && empty($pconfig['certref']) && empty($pconfig['auth_user']) && empty($pconfig['auth_pass'])) {
258
		$input_errors[] = gettext("If no Client Certificate is selected, a username and password must be entered.");
259
	}
260

  
257 261
	if (!$input_errors) {
258 262

  
259 263
		$client = array();
......
733 737
					<tr id="tls_cert">
734 738
						<td width="22%" valign="top" class="vncellreq"><?=gettext("Client Certificate"); ?></td>
735 739
							<td width="78%" class="vtable">
736
							<?php if (count($a_cert)): ?>
737 740
							<select name='certref' class="formselect">
738 741
							<?php
739 742
							foreach ($a_cert as $cert):
......
753 756
							?>
754 757
								<option value="<?=$cert['refid'];?>" <?=$selected;?>><?=$cert['descr'] . $caname . $inuse . $revoked;?></option>
755 758
							<?php endforeach; ?>
759
								<option value="" <?PHP if (empty($pconfig['certref'])) echo "selected=\"selected\""; ?>>None (Username and Password required)</option>
756 760
							</select>
757
							<?php else: ?>
758
								<b>No Certificates defined.</b> <br />Create one under <a href="system_certmanager.php">System &gt; Cert Manager</a>.
761
							<?php if (!count($a_cert)): ?>
762
								<b>No Certificates defined.</b> <br />Create one under <a href="system_certmanager.php">System &gt; Cert Manager</a> if one is required for this connection.
759 763
							<?php endif; ?>
760 764
						</td>
761 765
					</tr>
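Review bot: The validation added at new line 257 only raises the error when both `auth_user` and `auth_pass` are empty, so a certificate-less client with just one of them filled passes validation although the message and the new "None (Username and Password required)" option demand both; the condition should read `(empty($pconfig['auth_user']) || empty($pconfig['auth_pass']))`. In the last hunk the added option line uses `<?PHP` while the surrounding template uses lowercase `<?php`, and the row keeps the `vncellreq` (required) cell class although the certificate is now optional; a `vncell` class would match the new behaviour. The validation and template blocks start and end outside their hunks.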
